package com.green.web.interceptor;

import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.green.common.exception.PermissionDeniedException;
import com.green.model.manage.Person;
import com.green.service.common.ServiceContext;
import com.green.web.util.PermissionHelper;

/**
 * 权限检查
 * 
 * @author fengwenjin
 */
public class PermissionInterceptor extends HandlerInterceptorAdapter {

	private List<String> excludeUris;

	public void setExcludeUris(List<String> excludeUris) {
		this.excludeUris = excludeUris;
	}
	
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
		String uri = request.getRequestURI().replaceAll(request.getContextPath(), "");
		if (excludeUris != null && excludeUris.contains(uri)) {
			return true;
		}
		if (excludeUris != null && excludeUris.contains(uri) || uri.lastIndexOf(".service") > 0 || uri.equals("/check") || uri.startsWith("/login") || uri.startsWith("/interface") || uri.startsWith("/f7")) {
			return true;
		}
		Person person = ServiceContext.getLoginPerson();
		if(person != null && person.getNumber().contains("admin")){
			return true;
		}
		if(PermissionHelper.hasPermission(uri)){
			return true;
		}
		// 抛出权限异常
		throw new PermissionDeniedException("[uri=" + uri + "]你没有访问权限");
	}

}
